BUG BOUNTY: BYPASSING WAF TO GET LFI (REAL TARGET) | 10K SPECIAL

BUG BOUNTY: BYPASSING WAF TO GET LFI (REAL TARGET) | 10K SPECIAL | 2023

Рет қаралды 11,488

BePractical

Күн бұрын

Пікірлер: 34

@mandikgoyal7740 11 ай бұрын

Very Informative Videos Keep up the good work

@Th3-Noob-Audit0rs 11 ай бұрын

❤ hope your video's bypass KZbin guidelines also

@BanglaEdition24 11 ай бұрын

😂

@FAHADKHATRI12 11 ай бұрын

This is valuable information!

@морс-ф3д 11 ай бұрын

Congratulation on you 10000 subs!!!) You deserve MORE!!!!

@Deepakkumar-pm2kt 11 ай бұрын

Loved the video man. Learnt a lot from how your explanations.

@Fractal_reComm 4 ай бұрын

Dude, I'm a big fan and I admire and inspire me, your work, I would like you to help me find simpler sites like this. Generally, my targets are very well protected, but it's possible to overcome them. them and this takes much more time than in simpler systems, I have little experience but I have already found some cool vulnerabilities, I still can't afford better education in cybersecurity, I would be very happy and I'm sure that the entire community that is also starting out would be very happy and would help a lot, thank you for everything, I hope you read it

@HunterX461 11 ай бұрын

Congratulations bro for 10k fam ❤🎉Next milestone is of 50k subs😊

@abduls4479 11 ай бұрын

Awesome video.. thanks man

@islamkafafy6984 11 ай бұрын

Wow Dude you are amazing keep uploading top tier videos more

@zahiruddinahmad55 11 ай бұрын

Please make a video 403/404 bypass

@ReligionAndMaterialismDebunked 11 ай бұрын

Yeee. More of these would be awesome. Hehe. I know we can add hostname:3000, and some stuff like that.

@imran_hossain123 10 ай бұрын

Thanks from Bangladesh

@gauravkesharwani5557 6 ай бұрын

Great explanation bro. Many people teach if we want to check for such vulnerabilities we need to use payloads like ../../../../etc/passwd. However you shared another perspective - why to just try /etc/passwd, if we can check with other files within web root leading to source code reveal. Thanks for sharing this content

@MRIDULSG 11 ай бұрын

I have a question regarding this. What I understand is in LFI, you can actually execute the files on the server. In this case, the index.php file shall show the output of the executed version of the index.php file instead of showing the source code. In directory traversal, we can see the content of the file. Please Correct me if I'm wrong.

@BePracticalTech 11 ай бұрын

Actually in local file inclusion, you will be able to see the contents of files present on the server. However, there are certain scenarios where you'll be able to execute the files(like you mentioned) but it depends from target to target. The vulnerable endpoint here was actually serving the content of the pdf that's why we were able to get the content of source code. Hope you understood